Abstract
Within the traditional telephone system a certain level of quality and security has been established over the years. If we try to use IP Telephony systems as a core part of our future communication infrastructure (e.g. as classical PBX enhancement or replacement) continuous high availability, stable and error-free operation and the protection of the privacy of the spoken word are challenges, that definitely have to be met.
Since manufacturers start deploying new end systems and infrastructure components rather fast now — a critical inspection of their security features and vulnerabilities is mandatory. The critical presentation of the theoretical background of certain vulnerabilities, testing and attacking tools and the evaluation results reveals, that well-known security flaws become part of implementations in the new application area again and the security level of a number of examined solutions is rather insufficient.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35413-2_36
Chapter PDF
Similar content being viewed by others
References
D. Balenson. Privacy enhancement for Internet electronic mail: Part III: Algorithms, modes and identifiers. RFC 1423, January 1993.
ITU-T. Security and Encryption for H. Series (H.323 and other H.245 based) Multimedia Terminals. ITU-T Recommendation H. 235, February 1998.
OpenH323 Project. OpenH323. http://www.openh323.org/.
OpenH323 Project. OpenH323 Gatekeeper. http://www.opengatekeeper.org.
Christoph Rensing, Utz Roedig, Ralf Ackermann, and Ralf Steinmetz. A Survey of Requirements and Standardization Efforts for IPTelephony-Security. In M. Schumacher and R. Steinmetz, editors, Sicherheit in Netzen und Medienstrdmen, Informatik aktuell, pages 50–60. Springer Verlag, September 2000.
H. Schulzrinne. RTP profile for audio and video conferences with minimal control. RFC 1890, January 1996.
H. Schulzrinne, S. Casner, R. Frederick, and V. Jacobson. RTP: A Transport Protocol for Real-Time Applications. RFC 1889, January 1996.
Markus Schumacher, Ralf Ackermann, and Ralf Steinmetz. Towards Security at all Stages of a System’s Life Cycle. In 2000 International Conference on Software, Telecommunications and Computer Networks (SoftCOM), 2000.
Markus Schumacher, Christian Haul, Michael Hurler, and Alejandro Buchmann. Data-Mining in Vulnerability Databases. (90), 2000.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Ackermann, R., Schumacher, M., Roedig, U., Steinmetz, R. (2001). Vulnerabilities and Security Limitations of Current IP Telephony Systems. In: Steinmetz, R., Dittman, J., Steinebach, M. (eds) Communications and Multimedia Security Issues of the New Century. IFIP — The International Federation for Information Processing, vol 64. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35413-2_5
Download citation
DOI: https://doi.org/10.1007/978-0-387-35413-2_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-4811-6
Online ISBN: 978-0-387-35413-2
eBook Packages: Springer Book Archive